Thursday, January 22, 2015

If American astronauts hitching a ride from the Russians to the
International Space Station didn't ruffle enough feathers, there's
growing concern about a proposal to use Moscow's satellites to transmit
America's 911 emergency calls.

Wireless carriers and public safety organizations have pitched the
idea of using Russia's system to the Federal Communications Commission,
as part of their recommendations for improving 911 response. Part of the
concern is that under the current system, operators have a hard time
locating people calling from cell phones indoors -- and Russia's
satellite system, called GLONASS, might be able to help.

But Rep. Mike Rogers, R-Ala., head of a House Armed Services
subcommittee, has raised concerns about the influence that might give
Vladimir Putin's Russia over the U.S. system.

In a Jan. 21 letter to Defense Secretary Chuck Hagel and Director of
National Intelligence James Clapper, Rogers specifically questioned
whether Putin might be able to use GLONASS "as a weapon" against the
U.S., holding the 911 system "hostage" if he wanted.

He warned the U.S. could be poised to "disregard" the threat from
Putin "so soon after Russia's illegal seizure of Ukrainian territory" --
a source of flaring tension between Russia and the United States.

"In view of the threat posed to the world by Russia's Vladimir Putin,
it cannot be seriously considered that the U.S. would rely on a system
in that dictator's control for its wireless 911 location capability,"
Rogers wrote, adding: "Our response to Russia's hybrid warfare, arms
control cheating, illegal invasions of sovereign nations, and
energy-based extortion must be broad-based isolation and
counter-leverage."

But Brian Fontes, CEO of the National Emergency Number Association
(NENA), which is among the groups pushing the new plan, described such
concerns as "scare tactics."

"They are spreading rumors that we are relying on the Russian
government and doing harm, and on its face it's bogus," he told
FoxNews.com. "They are projecting all this on a system that may be up
and running in the future. It's hyperbole."

The FCC plans to hold a meeting on Jan. 29, where the proposal could
come up. The agency is reviewing the 911 service in light of
difficulties first responders sometimes have finding people who call
from wireless phones indoors under the United States' GPS system. Though
the agency currently requires wireless providers to transmit location
information to 911 call centers, there are still challenges in finding
people -- particularly in large, multi-story buildings. The FCC wants
wireless providers eventually to be able to transmit more accurate
information.

Retired Rear Adm. David Simpson, head of the FCC's Public Safety and
Homeland Security Bureau, said in a statement the agency is "committed
to protecting both public safety and national security as we continue to
examine the input and issues in the proceeding, and will coordinate
with our colleagues across the government to ensure that national
security needs are addressed."

He underscored the urgency of a 911 overhaul in a blog post last month.

"The vast majority of 911 calls are from mobile phones, and we are
not where we need to be on location accuracy for wireless 911 calls," he
wrote. "This puts American lives at risk and requires swift action from
the FCC, from wireless carriers, and from public safety officials."

The four largest wireless carriers, joined by two public safety
organizations including NENA, proposed the plan, which among other
components suggests using Russia's GLONASS satellite system to help
locate 911 callers.

Fontes said the industry is interested in pursuing all manner of
solutions for boosting location accuracy, including improved GPS,
sensors and beacon technology -- but using other countries' capabilities
should be on the table.

"If there is any proven -- heavy on the word proven -- and secure --
heavy on the word secure -- means of identifying where a 911 call is
originating, I think any of those secure and proven systems should be
considered by wireless providers," he said.

A Sprint representative reportedly said in a recent letter to FCC
officials that their plan does not call for relying exclusively on the
GLONASS system -- just using it to help improve location information.

According to The Washington Times, The Association of Public-Safety
Communications also penned a recent letter to the FCC describing the
national security warnings as "plainly false statements that stretch the
imagination."

It’s no secret that Google keeps an eye on what users of its services
are into. But on Monday, the company updated Gmail’s terms of service
to spell out its relationship with users in no uncertain terms:
“Our automated systems analyse your content (including emails) to
provide you personally relevant product features, such as customised
search results, tailored advertising, and spam and malware detection.
This analysis occurs as the content is sent, received, and when it is
stored.”

A Google spokesman told The New York Times that the changes “will
give people even greater clarity and are based on feedback we’ve
received over the last few months.”

By feedback, Google might mean a federal judge’s swift denial of the
company’s attempt to dismiss a lawsuit filed by Gmail users and
non-users who’ve sent emails to Gmail accounts. The lawsuit claimed
Google violated federal and state wiretapping laws by scanning emails
without consent.

In its motion to dismiss, Google argued that Gmail and non-Gmail
users had given express or implied consent to have their e-mails
scanned. Northern California US District Judge Lucy Koh rejected
Google’s claims, noting that Google’s terms of service didn’t explicitly
say they scanned emails.

Google has officially updated their terms of service to allow the company to use your name and image on their ads that populate the internet.

If you have a Google Account, we may display your Profile name, Profile photo, and actions you take on Google or on third-party applications connected to your Google Account (such as +1’s, reviews you write and comments you post) in our Services, including displaying in ads and other commercial contexts. We will respect the choices you make to limit sharing or visibility settings in your Google Account. For example, you can choose your settings so your name and photo do not appear in an ad.

The Wall Street Journal provides this nifty chart to see what your social networks are using you to promote.

The new "shared endorsements" are ruffling some privacy feathers. "We think it's a problem," says Marc Rotenberg, executive director of the Electronic Privacy Information Center. "It's a commercial endorsement without consent and that is not permissible in most states in the U.S."

Facebook tried something similar and was forced to pay a $20M settlement when they were sued in a class action suit. Facebook had used "endorsements" in the ads run on the social network, but they did not provide a way for users to opt out.

Wednesday, December 11, 2013

A new information leak from Edward Snowden reveals that the NSA is using Google's tracking cookies to identify targets for government hacking. The Washington Post reports that Snowden's documents "show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations."

These tracking cookies allow a website to identify a user's browser, but do not contain any personal information. "This cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer."

The slides released by Snowden do not say how the government accesses Google's tracking cookies, "but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order."

Monday, December 09, 2013

By RAPHAEL SATTER / Associated Press
American and British intelligence operations have been spying on gamers across the world, media outlets reported, saying that the world's most powerful espionage agencies sent undercover agents into virtual universes to monitor activity in online fantasy games such as "World of Warcraft."

Stories carried Monday by The New York Times, the Guardian, and ProPublica said U.S. and U.K. spies have spent years trawling online games for terrorists or informants. The stories, based on documents leaked by former National Security Agency contractor Edward Snowden, offer an unusual take on America's world-spanning surveillance campaign, suggesting that even the fantasy worlds popular with children, teens, and escapists of all ages aren't beyond the attention of the NSA and its British counterpart, GCHQ.

Virtual universes like "World of Warcraft" can be massively popular, drawing in millions of players who log months' worth of real-world time competing with other players for online glory, virtual treasure, and magical loot. At its height, "World of Warcraft" boasted some 12 million paying subscribers, more than the population of Greece. Other virtual worlds, like Linden Labs' "Second Life" or the various games hosted by Microsoft's Xbox -- home to the popular science fiction-themed shoot-em-up "Halo" -- host millions more.

Spy agencies have long worried that such games serve as a good cover for terrorists or other evildoers who could use in-game messaging systems to swap information. In one of the documents cited Monday by media outlets, the NSA warned that the games could give intelligence targets a place to "hide in plain sight."

Linden Labs and Microsoft Inc. did not immediately return messages seeking comment. In a statement, Blizzard Entertainment said that it is "unaware of any surveillance taking place. If it was, it would have been done without our knowledge or permission."

Microsoft issued a similar statement, saying it is "not aware of any surveillance activity. If it has occurred as reported, it certainly wasn't done with our consent."

The 82-page document, published on The New York Times' website, also noted that opponents could use video games to recruit other users or carry out virtual weapons training -- pointing to the Sept. 11, 2001, hijackers as examples of terrorists who had used flight simulation software to hone their skills.

Important details -- such as how the agencies secured access to gamers' data, how many players' information was compromised, or whether Americans were swept up in the spying -- were not clear, the Times and ProPublica said, but the reports point to a determined effort to infiltrate a world many people associate with adolescents and shut-ins.

At the request of GCHQ, the NSA began extracting "World of Warcraft" data from its global intelligence haul, trying to tie specific accounts and characters to Islamic extremism and arms dealing efforts, the Guardian reported. Intelligence on the fantasy world could eventually translate to real-world espionage success, one of the documents suggested, noting that "World of Warcraft" subscribers included "telecom engineers, embassy drivers, scientists, the military and other intelligence agencies."

"World of Warcraft" wasn't the only target. Another memo noted that GCHQ had "successfully been able to get the discussions between different game players on Xbox Live." Meanwhile, so many U.S. spies were roaming around "Second Life" that a special "deconfliction" unit was set up to prevent them from stepping on each other's toes.

Tuesday, November 26, 2013

Microsoft is moving toward a major new effort to encrypt its Internet traffic after concluding that the National Security Agency may have broken into its global communications systems, said people familiar with the emerging plans.

Suspicions at Microsoft, while building for several months, sharpened in October when it was reported that the NSA was intercepting traffic inside the private networks of Google and Yahoo, two industry rivals with similar global infrastructures, said people with direct knowledge of the company’s deliberations. They said top Microsoft executives are meeting this week to decide what encryption initiatives to deploy and how quickly.

Documents obtained from former NSA contractor Edward Snowden suggest — though do not prove — that the company is right to be concerned. Two previously unreleased slides that describe operations against Google and Yahoo include references to Microsoft’s Hotmail and Windows Live Messenger services. A separate NSA e-mail mentions Microsoft Passport, a Web-based service formerly offered by Microsoft, as a possible target of that same surveillance project, called MUSCULAR, which was first disclosed by The Post last month.

In the book and movie "World War Z," the first mention of the zombie epidemic comes thanks to a software decryption program spying on Chinese email. Brad Pitt stars as the former UN official who fights the epidemic.

Do recent revelations about the NSA’s surveillance programs have you spooked that Big Brother is watching? You’re not alone. Decades of movies, television shows, and Hollywood espionage flicks have fed our paranoid fantasies when it comes to fears that the government might be listening in on our phone calls, tracking our movements, perusing our sexts, and rifling through our emails. Even President Obama said in June that professed NSA leaker Edward Snowden’s flight from the U.S. had all the plot points of a summer spy thriller.

Test yourself. Can you sort out the fact from the fiction in the high-tech cloak-and-dagger scenarios outlined below?

A 'muscular' development
1. A national intelligence agency secretly breaks in to the main communication links at two major technology companies, positioning itself to collect information at will from millions of user accounts. But agency sources claim they're only looking at foreign data, filtering out anything with an American area code. One program is code-named "MUSCULAR." Fact or fiction?

Is that a code word for war?
2. An intelligence service using a software decryption program discovers that an Asian country is hiding a new viral outbreak, but the details are so horrific that the decoders believe the talk of illness must be code for a new weapons system or ultrasecret war plan. Fact or fiction?

A: Fiction. It happens in Max Brooks' "World War Z," a novel made into a movie starring Brad Pitt, and the virus is creating zombies.

Help us, rebel hacker, you're our only hope
3. Intelligence officers enlist an on-the-run hacker to steal a black box capable of breaking encryption on almost all computer systems, which the agency can then use to spy on other agencies. Fact or fiction?

A: Fiction. It was the central plot of the 1992 movie "Sneakers," starring Robert Redford.

The 1992 film "Sneakers" involved complicated computer hacking and espionage.

We're shocked, shocked about this
4. The nation's top intelligence official confirms they have been monitoring the phone calls of foreign leaders for years, and cites the false shock over gambling in the movie "Casablanca" to suggest international outrage is disingenuous. Fact or fiction?

A: Fact. Director of National Intelligence James Clapper cited the film when speaking to Congress, saying, "'My God, there's gambling going on here?' It's the same kind of thing," he said.

Little pitchers have big ears
5. It's revealed that a government agency has access to a program it calls XKeyscore, which can track Americans' email and online chat in real time. Fact or fiction?

A: Fact. According to information NSA leaker Edward Snowden shared with the U.K. Guardian, the program gathers data from across the Internet which can later be searched for names, phone numbers, keywords and more.

Interior motives
6. A NATO monitoring facility observes the troubling activities of a scientist and then enlists a British agent to implant a homing device inside the body of the scientist's co-worker. Fact or fiction?

A: Fiction. The "scientist" is Dr. Evil, the "British agent" Austin Powers, and the "co-worker" is Dr. Evil's henchman Fat Bastard, in "Austin Powers: The Spy Who Shagged Me." You don't even want to know how Fat Bastard ejects the homing device from his body. Yeah, baby.

The Internet makes it easy to send information to far-flung places in an instant – hit “send” and poof there it goes. But where does that information go, how does it get there and who gets access to the data?

Every second of every day billions of bits of data speed through an elaborate network, many created and controlled by companies such as Yahoo and Google.

Indeed, the latest leaks from former NSA contractor Edward Snowden, first reported by the Washington Post and confirmed by NBC News, say that NSA has tapped into Google and Yahoo's data cables and vacuumed up emails and phone records, although security officials say Americans are filtered out.

Big tech companies — among them Facebook, Microsoft, AOL and Apple, in addition to Google and Yahoo — say they worry they’re losing an arms race to secure their users’ information and have called for new laws to stop U.S. intelligence agencies from breaking into data centers.

Those data centers, often misleadingly called the “cloud,” in reality have nothing ethereal about them. They’re thousands of miles of cables and high-tech switchers and computers. They’re warehouse-sized buildings that hum with servers to collect and store huge reams of data.

“For your email account you know you can have years' worth of data stored in your account,” Kim Zetter of Wired magazine told NBC News.

Google alone has six such large datacenters in the United States, and another seven are overseas.

“A lot of people think if I'm in the U.S., my data is stored in the U.S., and that's really not the case,” Zetter said.

Jim Stickley, a cyber security expert, said it's those cables where the vulnerability lies.

“You have thousands and thousands of miles of cable out there of this fiber optic cable,” Stickley said. “And so presumably the NSA has found somewhere to gain access to this cable and physically attach some sort of device to capture data on this network.”

On Thursday, Google issued a statement, which said, in part: "We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks."

Google said it is now working to encrypt its high-speed fiber optic lines in order to counter NSA snooping.

But even if that company’s system is secure, it’s clear that these internet giants have become the gatekeepers of our digital lives.

“We have put all of our digital eggs into their baskets, they're not in ours anymore,” Lee Tien of the Electronic Frontier Foundation told NBC News. “And whether that's wise in terms of privacy and security is, I think, a very open question.”

Bruce Schneier, a Harvard Law School fellow who writes frequently on cybersecurity, said there's only one surefire way to protect yourself from snooping, and it’s an idea most people won’t like: Give up your email.

“You cannot be on the systems. That’s what you can do,” he said in a telephone interview. “Whenever you go into a cloud, you have to trust the cloud provider. There’s nothing you can do. It’s not your data. It’s their data.”

One reason there is so much data collection, Schneier said, is that “Surveillance is very, very cheap, that’s the problem.”

He added, “Adding encryption makes surveillance more expensive, which means they can’t do it as much.”

So, for anyone feeling a little digitally vulnerable, there appears to be only one way around it: Write a letter and get a stamp.

Andrea Mitchell and Erin McClam of NBC News contributed to this report.

Google has made a fortune selling ads. Now it’s trying to put its hundreds of millions of users to work as company pitchmen, using the profiles, pictures and recommendations of ordinary people to endorse products and services across the Web.
After the policy takes effect Nov. 11, users who review a video on YouTube or a restaurant on Zagat.com could see their name, photo and comments show up in ads on any of the 2 million Web sites that are part of the company’s display advertising network.

The controversial practice, announced Friday by Google, is part of an emerging trend on the Internet. Advertisers believe that consumers place enormous value on product endorsements that come from a friend or family member, and growing numbers of Web companies are trying to capture that social advertising in a systematic way.
But critics say tactics that further exploit the data people leave online amount to a bait-and-switch. People signed up for Google’s services because they were free and convenient. They probably never thought their words and identities would be put in front of strangers to sell a product.
Users who casually endorse a product or song on Facebook or Google “may be exposed to unwanted, and possibly misunderstood, implications,” said Eric Goldman, a professor of Internet law at Santa Clara University law school.
Google said the launch of “shared endorsements” will help consumers make better choices. “We want to give you — and your friends and connections — the most useful information. Recommendations from people you know can really help,” the company wrote in its announcement.
It added that users can opt out of the ads and that it will automatically exclude anyone under the age of 18.
The announcement follows a similar advertising feature by Facebook called “sponsored stories,” which turns a recommendation made through the social network’s “like” button into an advertising endorsement on a friend’s Facebook page. The company has said its users cannot opt out of the practice. About 1.2 billion people are on Facebook.
Last month, the Federal Trade Commission said it would review whether Facebook’s push into sponsored stories violated the company’s 2011 privacy settlement with the federal government. That agreement required Facebook to give adequate notice of changes in privacy policies and to make sure users aren’t misled about how their data is being used.
Due to the government shutdown, the FTC said it could not respond to a question on whether its investigators would also examine Google’s new advertising practice.
Google said its new advertising policy would apply only to the 390 million people who have signed up for Google Plus, the company’s social network. The company can also draw on endorsements made with Google’s +1 button, which is similar to Facebook’s “like” button and appears on sites across the Web.
A user who wants to limit the reach of his or her advertising endorsements could adjust settings so that a positive review for, say, a car is shared only with a small circle of friends on Google Plus, the company said.
Some privacy experts commended the way Google is rolling out the feature by giving users a month’s notice of the changes and options to decline.
“Some people may like the fact that their reviews will be promoted and more influential. Others have a pretty easy way to opt out,” said Jules Polonetsky, executive director of the Future of Privacy Forum.
In May 2012, Google agreed to a $22.5 million FTC fine for misrepresenting its tracking practices on the Safari browser used on Apple devices. The settlement included continued supervision of the firm’s disclosures about how it handles users’ data.
Google said it will display the latest change in its privacy policy on its main home page, through Google Plus notifications and in other prominent places.
Still, some privacy advocates remained skeptical of the search giant.
“This move by Google reflects the growing and unchecked expansion of online data collection by the industry,” said Jeff Chester, executive director of the Center for Digital Democracy.

Hayley Tsukayama contributed to this report.

On August 12, 2013, President Barack Obama announced (Document 118) the impending creation of a group to review U.S. signals intelligence capabilities and communications technologies. Its mandate would be to "assess whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust." That same day, Director of National Intelligence James R. Clapper, Jr. announced (Document 119) that he would be establishing the review group and its final report would be due no later than December 15, 2013.

The catalyst for the president's announcement was an unexpected event that occurred just a little over two months previously. On June 5, a British newspaper, The Guardian, began publishing a series of articles disclosing highly classified aspects of, and documents about, certain National Security Agency (NSA) electronic surveillance operations involving not only extensive collection of foreign communications, including Internet traffic, but the collection of the metadata associated with phone calls (foreign and domestic) made by United States citizens. A few days later, The Guardian revealed its source to be Edward J. Snowden, a former CIA employee who had been working at an NSA facility in Hawaii as an employee of Booz Allen Hamilton.

On June 14, the United States filed a sealed criminal complaint against Snowden, releasing only one page (Document 74) to the public. Subsequently, Snowden departed Hong Kong, where he had been staying for the previous month (reportedly spending his final two days at the Russian consulate[1]), using a SAFEPASS (Document 83) issued by the Ecuadoran embassy in London. He arrived at Moscow's Sheremetyevo airport while seeking asylum elsewhere. While in Russia, he issued several statements (Document 97). During that time, the United States sought to discourage nations offering Snowden asylum and pre-emptively requested his extradition (Document 81) from at least one nation.

Snowden's potential movements also became the subject of a letter (Document 91) from his father's lawyer to Attorney General Eric Holder asking for three guarantees to encourage his son to return home, including that he would not be detained or imprisoned prior to trial. Subsequently, in response to reported claims that Snowden feared being tortured if he returned, Holder wrote (Document 105) to the Russian Minister of Justice, assuring him that Snowden would not be tortured or face the death penalty if he returned (or was returned) to the United States.

The controversy that has erupted over Snowden and his disclosures is not the first time NSA has been at the center of controversy. In the 1970s, through leaks, investigative reporting, and congressional inquiries, the public learned of projects SHAMROCK and MINARET. The SHAMROCK program (1945-1975) involved several U.S. companies turning over the telegraphic communications that passed over their networks. Project MINARET "was essentially the NSA's watch list" and "used existing SIGINT accesses" to search for "terms, names, and references associated with certain American citizens." While MINARET officially began in 1969, the watch list activity had started at least as early as 1960, and did not originally involve American citizens. In 1975, The Washington Post reported that the watch list had included prominent anti-Vietnam war activists such as Jane Fonda and Benjamin Spock.[2]

In the 1990s, major concern arose — more overseas than in the United States — about a program designated ECHELON. That program involved the installation of software at a select number of "COMSAT Intercept" sites operated by what are today designated the "FIVE EYES" nations — the United States, the United Kingdom, Canada, Australia, and New Zealand. The sites intercepted the traffic flowing through communications satellites and the ECHELON software sorted through it (particularly printed fax transmissions), routing those containing pre-selected key words to analysts in whatever FIVE EYES nation had expressed interest. However, claims that ECHELON was a far more extensive global surveillance operation produced an international controversy and a European Parliament investigation.[3]

Perhaps the controversy around ECHELON would have had a significantly longer life had it not been for the terrorist attacks of September 11, 2001. But those events presaged the more recent controversies. In May 2006, USA Today published an article titled "NSA Has Massive Database on Americans' Phone Calls: 3 Telecoms Help Government Collect Billions of Domestic Records."[4] One lawsuit that followed was based on the claims of an AT&T employee (Document 11) concerning a special room containing surveillance equipment at an AT&T San Francisco facility.

However, there was a lack of official acknowledgment or leaked documents to support the claims. Thus, an August 2007 Congressional Research Service examination of the issue (Document 15) noted that "the factual information available in the public domain with respect to any such alleged program is limited and in some instances inconsistent, and the application, if at all, of any possible relevant statutory provisions to any such program is likely a very fact specific inquiry." The CRS study also stated that "It is possible that any information provided to the NSA from the telephone service providers was provided in response to a request for information, not founded on a statutory basis."[5]

In contrast, the pre-August 12 disclosures in The Guardian, as well as in The Washington Post and the Brazilian media, were based on a variety of document sources. Further, the online stories provided links to many of the key leaked documents, including an inspector general's report on the STELLARWIND Program (Document 23) — also known as the President's Surveillance Program (Document 24) — as well as Top Secret documents specifying procedures concerned with targeting (Document 25) and the 'minimization of data' about U.S. persons (Document 26). Also appearing on the web were selected slides from a 41-slide presentation (Document 55) on a program referred to as PRISM — involving the collection of Internet traffic from a variety of service providers — as well as a presentation on XKEYSCORE (Document 18), which sorts through intercepted traffic.

Along with the PRISM revelations, charges that the U.S. had bugged the facilities of European governments produced the greatest reaction in Europe — and the announcement (Document 95) of an investigation. However, the focus in the United States revolved around two programs, the Section 215 Bulk Collection Program and the 'PRISM' program, the latter based on Section 702 of the Foreign Intelligence Surveillance Act of 1978 Amendments Act (Document 20).

Among the first documents The Guardian disclosed was a 4-page Top Secret 'Secondary Order' (Document 59) from the Foreign Intelligence Surveillance Court (FISC) that commanded Verizon Business Network Services to provide an electronic copy of two 'tangible' things: "all call detail records or 'telephony metadata' created by Verizon for (i) communications between the United States and abroad; or (ii) wholly within the United States." The government subsequently released a heavily redacted version of the Primary Order (Document 58) from the surveillance court.

The leak of documents concerning the Bulk Collection program had a number of consequences leading up to the review ordered by President Obama. The leaks provided new data on the evolution of the program (Document 12, Document 17), reporting to Congress (Document 28, Document 32), challenges by Sen. Ron Wyden (D-OR) and others to the legal interpretations employed to justify the program (Document 10, Document 34, Document 63, Document 90a), as well as official reaction to those challenges (Document 37, Document 90b). The leaks also resulted in attempts by the government (Document 79, Document 92) to provide public reassurance — both with regard to the legality and utility of the program — including a single-spaced 22-page white paper (Document 115). Labeled "Administration White Paper" and lacking any specific agency source, the document seems to include the kind of legal language and justifications that would likely appear in the still-Secret Office of Legal Counsel opinions describing the government's legal bases for the programs. Such attempts also met with rebuttals (Document 68) by those less convinced of the utility of the Bulk Collection effort.


Because of the leaks, DNI James Clapper had to provide various explanations (Document 71, Document 82) for his "no" response to a question Wyden had posed to him at a public hearing in March. Wyden had inquired whether the NSA collected "any kind of data at all" on millions or hundreds of millions of Americans.

In addition, there were amendments introduced in Congress that would have terminated the program — including Sen. Rand Paul's (R-KY) "Fourth Amendment Restoration Act" (Document 67) and an amendment (Document 101) by Representatives Justin Amash (R-MI) and John Conyers (D-MI) that would have prohibited funding for execution of any FISA order that did not limit collection to data that pertained to an individual who was the subject of an investigation. Objections to the amendment, which was ultimately defeated by the unexpectedly close margin of 217-205, came from Senate Select Committee on Intelligence chairman Dianne Feinstein (Document 106), the White House (Document 107), and DNI Clapper (Document 108).

The contrast between the Bulk Collection program and the Section 702 'PRISM' program was that there was little dispute that the latter had produced significant intelligence that could be employed in operations against terrorist activities. Still, disclosure of the program was accompanied by the publication of relevant, sometimes Top Secret, documents (Document 18, Document 25, Document 26, Document 55) that produced significant controversy. One element of controversy concerned the specifics of the involvement of key communications providers (e.g. Yahoo, Google, Facebook) in the program — particularly if NSA had direct access to their servers.

A second source of controversy concerned a number of NSA claims made in a fact sheet it had posted on the Web about the 702 program (Document 78). The fact sheet sparked a letter from Senators Wyden and Udall (D-CO) (Document 85) to NSA director Keith Alexander with two objections. The senators wrote to dispute what they considered "an inaccurate statement about how section 702 authority has been interpreted by the U.S. government." In addition, they objected to the statement in the fact sheet that any inadvertently acquired communication concerning a U.S. person that was not relevant to the purpose of the intercept, or evidence of a crime, had to be promptly destroyed. They characterized the statement as "somewhat misleading in that it implies that the NSA had the ability to determine how many American communications it has collected under section 702, or that the law does not allow NSA to deliberately search for the records of particular Americans." In his response (Document 87), Alexander noted that "the fact sheet ... could have more precisely described the requirements for collection under Section 702." Shortly thereafter, the NSA removed both the Section 215 and Section 702 fact sheets from its website.

A number of disclosures and declassifications occurred subsequent to the president's August 12 announcement — primarily from The Washington Post and the Office of the Director of National Intelligence. Among the documents provided by Snowden to the Post was a Top Secret report (Document 44) on the Washington-based activities of the NSA's Signals Intelligence Directorate, with collection limitations imposed by Executive Order 12333, the FISA, and other regulations. Over the course of a year starting April 2011, it noted 2,776 incidents (2,057 related to the executive order and 719 with regard to FISA). The report attributed the incidents mostly to "roamers" (foreign targets that entered the United States), but they also involved cases of a lack of proper FISC authority, database queries, errors in tasking or detasking, and collection at international transit switches. The Post also first disclosed a 4-page document (Document 125) titled "Targeting Rationale," which focused on what information should, and should not, be provided to FISA Amendments Act "overseers."

On August 21, 2013, the Office of the DNI declassified a collection of relevant documents with Clapper providing an overview in a release letter (Document 123). Included in the documents were a directive on minimization (Document 38) — which was a more recent version of one of the documents that first appeared in The Guardian (Document 26) — as well as testimony before closed Congressional hearings (Document 41) and a semiannual compliance report (Document 113). In addition, there were three 2011-2012 opinions (Document 35, Document 40, Document 48) from the Foreign Intelligence Surveillance Court. The first of the opinions had been the subject of a lawsuit by the Electronic Frontier Foundation. It noted that "one aspect of the proposed collection — the 'upstream collection' of Internet transactions — is in some respects, deficient on statutory and constitutional grounds." The subsequent opinions (Document 40, Document 48) discussed the adequacy of the government's response to the court's criticism.

Compliance violations had been noted several days before the release in a press briefing (Document 120) by John DeLong, NSA's director of compliance. His disclosures produced reactions from Senate intelligence chairman Feinstein and committee members Wyden and Udall. Feinstein stated (Document 122) that her committee had "never identified an instance in which the NSA has intentionally abused its authority to conduct surveillance for inappropriate purposes," while Wyden and Udall wrote (Document 121) that "we believe Americans should know that this confirmation is just the tip of a larger iceberg."

Some people are prone to sleepwalking. The zombie-fuelled idea of a sleepwalker, with arms outstretched and eyes closed, magically avoiding contact with walls and tables, really isn’t the way people do it. More truthfully, their eyes are open with a level of awareness usually sufficient to avoid serious injury, but with actions more akin to a computer program than a fully aware individual. Many can communicate, of a fashion, but it is cursory and stilted. It’s an appropriate metaphor when describing the functional level of a typical citizen, compared to the fully connected and aware pre-industrial human.

Some people who sleepwalk also have night terrors. They report seeing strange figures looming over them, as if watching their every move – silent, dark, conspiratorial. Not so strange, given the circumstances...

The New Secrecy

I have spent a great deal of time, perhaps too long, pondering conspiracy theories and the vast range of plots being overseen by “those in control” against the ordinary person. It wasn’t so much the nature of these conspiracies, as the nature of the belief in such conspiracies that most interested me. This came to a head when I discovered yet another apparent plot against humanity related to that old chestnut Chemtrails. Apparently people exposed to the precisely-targeted-toxins-from-thirty-thousand-feet are finding strange threads emerging from wounds that HAVE NO EARTHLY ORIGIN! The previous emphasis is that of the Conspiracy Theorists (the capitalization of the previous two words is mine—there has to be some way of identifying crackpot theories from sensible ones).

So, about two-thirds of the way through writing my most recent book, I had a pop at the whole idea of Conspiracy Theories, with the express purpose of clarifying the real dangers we face from those who purport to control our behaviour. If we can learn to look towards that which is obvious and tangible, rather than being distracted by the ethereal and, frankly, bizarre, then we will learn an awful lot and perhaps do something about it.

Bradley Manning (soon to be Chelsea Manning, which should throw a few libertarians into apoplexy) knew that vast amounts of data were being kept out of the public realm, for no better reason than to protect the murderous activities of those keeping the information secret. His conscience, and his obvious intelligence, gave him little other option than to release what he knew – and conveniently, Wikileaks was in a position to receive that information, and channel it on to the wider media.

When Edward Snowden stole the crown jewels of the National Security Agency, he didn’t need to use any sophisticated devices or software or go around any computer firewall.

All he needed, said multiple intelligence community sources, was a few thumb drives and the willingness to exploit a gaping hole in an antiquated security system to rummage at will through the NSA’s servers and take 20,000 documents without leaving a trace.

“It’s 2013 and the NSA is stuck in 2003 technology,” said an intelligence official.

Jason Healey, a former cyber-security official in the Bush Administration, said the Defense Department and the NSA have “frittered away years” trying to catch up to the security technology and practices used in private industry. “The DoD and especially NSA are known for awesome cyber security, but this seems somewhat misplaced,” said Healey, now a cyber expert at the Atlantic Council. “They are great at some sophisticated tasks but oddly bad at many of the simplest.”

As a Honolulu-based employee of Booz Allen Hamilton doing contract work for the NSA, Snowden had access to the NSA servers via a "thin client" computer. The outdated set-up meant that he had direct access to the NSA servers at headquarters in Ft. Meade, Md., 5,000 miles away.

In a “thin client” system, each remote computer is essentially a glorified monitor, with most of the computing power in the central server. The individual computers tend to be assigned to specific individuals, and access for most users can be limited to specific types of files based on a user profile.

But Snowden was not most users. A typical NSA worker has a “top secret” security clearance, which gives access to most, but not all, classified information. Snowden also had the enhanced privileges of a “system administrator.” The NSA, which has as many as 40,000 employees, has 1,000 system administrators, most of them contractors.

As a system administrator, Snowden was allowed to look at any file he wanted, and his actions were largely unaudited. “At certain levels, you are the audit,” said an intelligence official.

He was also able to access NSAnet, the agency’s intranet, without leaving any signature, said a person briefed on the postmortem of Snowden’s theft. He was essentially a “ghost user,” said the source, making it difficult to trace when he signed on or what files he accessed.

If he wanted, he would even have been able to pose as any other user with access to NSAnet, said the source.

The “thin client” system and system administrator job description also provided Snowden with a possible cover for using thumb drives.

The system is intentionally closed off from the outside world, and most users are not allowed to remove information from the server and copy it onto any kind of storage device. This physical isolation – which creates a so-called “air gap” between the NSA intranet and the public internet – is supposed to ensure that classified information is not taken off premises.

But a system administrator has the right to copy, to take information from one computer and move it to another. If his supervisor had caught him downloading files, Snowden could, for example, have claimed he was using a thumb drive to move information to correct a corrupted user profile.

“He was an authorized air gap,” said an intelligence official.

Finally, Snowden’s physical location worked to his advantage. In a contractor’s office 5,000 miles and six time zones from headquarters, he was free from prying eyes. Much of his workday occurred after the masses at Ft. Meade had already gone home for dinner. Had he been in Maryland, someone who couldn’t audit his activities electronically still might have noticed his use of thumb drives.
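An added example, not part of the article: the gaps described above (unaudited administrators, removable-media copies justified by the job description, work outside headquarters hours, acting as another user) written as review rules over audit records. The log format, field names, thresholds and sample records are assumptions constructed for illustration, and the rules presume the records go to a store that the administrators being reviewed cannot alter.

```python
from collections import defaultdict
from datetime import datetime, timezone, timedelta

# Constructed audit records (not real logs); the field names are assumptions.
SAMPLE_LOG = """\
2013-05-01T14:05:00+00:00 user=analyst3 role=user action=read dest=server bytes=20480 as_user=analyst3 ticket=-
2013-05-01T15:10:00+00:00 user=admin2 role=sysadmin action=copy dest=removable bytes=1048576 as_user=admin2 ticket=CHG-1001
2013-05-02T03:40:00+00:00 user=admin7 role=sysadmin action=copy dest=removable bytes=734003200 as_user=admin7 ticket=-
2013-05-02T04:15:00+00:00 user=admin7 role=sysadmin action=read dest=server bytes=4096 as_user=analyst3 ticket=-
"""

HQ_TZ = timezone(timedelta(hours=-4))   # assumed UTC offset of the reviewing site
HQ_HOURS = range(8, 18)                 # assumed staffed hours at that site
DAILY_REMOVABLE_LIMIT = 100 * 1024**2   # assumed per-user daily budget, in bytes

def parse(line):
    """Split one record into a dict with typed timestamp and byte count."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["bytes"] = int(rec["bytes"])
    return rec

def review(log_text):
    """Return sorted (user, finding) pairs for an independent reviewer."""
    findings, copied = set(), defaultdict(int)
    for rec in map(parse, log_text.strip().splitlines()):
        user, local = rec["user"], rec["ts"].astimezone(HQ_TZ)
        # Any action performed under another account's identity is reviewed.
        if rec["as_user"] != user:
            findings.add((user, "acted-as:" + rec["as_user"]))
        if rec["action"] == "copy" and rec["dest"] == "removable":
            # The right to copy still needs a justification someone else approved.
            if rec["ticket"] == "-":
                findings.add((user, "removable-copy-without-ticket"))
            # Remote sites work while the reviewing site is empty.
            if local.hour not in HQ_HOURS:
                findings.add((user, "removable-copy-outside-staffed-hours"))
            copied[(user, local.date())] += rec["bytes"]
    for (user, _day), total in copied.items():
        if total > DAILY_REMOVABLE_LIMIT:
            findings.add((user, "removable-volume-over-limit"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in review(SAMPLE_LOG):
        print(user, finding)
```

The ticketed daytime copy by admin2 passes, while every finding lands on admin7; the review only works if someone other than the administrator reads the output.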

It’s not yet certain when Snowden began exploiting the gaps in NSA security. Snowden worked for Booz Allen Hamilton for less than three months, and says he took the job in order to have access to documents. But he may have begun taking documents many months before that, while working with the NSA via a different firm. According to Reuters, U.S. officials said he downloaded documents in April 2012, while working for Dell.

Snowden is thought to have made his initial attempt to offer documents to the media in late 2012, while at Dell. According to published accounts, he tried to contact Guardian journalist Glenn Greenwald in December and started talking to filmmaker Laura Poitras in January.

He began working for Booz Allen in March. In May, he told his supervisor he needed to take time off to deal with a health issue, and then flew to Hong Kong, where he met with Poitras and Greenwald, on May 20. He later told the Guardian that he was downloading documents on his last day at work. The revelations based on his documents started appearing in the Guardian and the Washington Post within weeks.

Snowden is currently living in Russia, where he’s been granted temporary asylum. The U.S. government has charged him with theft and violations of the Espionage Act.

U.S. intelligence officials said recently that they plan to significantly reduce the number of individuals with system administrator privileges.

“U.S. intelligence has invited so many people into the secret realm,” said an intelligence official. “There are potentially tons of Edward Snowdens. But most people aren’t willing to vacuum everything up and break the law.”

The NSA did not immediately respond to a request for comment.

Richard Esposito is the Senior Executive Producer for Investigations at NBC News. Matthew Cole is an investigative reporter at NBC News. He can be reached at matthew.cole@nbcuni.com.